How To Stay Secure When Using Online Banking

Online banking makes organising your finances much more convenient, but can also expose you to major security risks. Keep your net banking experiences stress-free by always following these basic guidelines.

Picture by squeakywheel

As is the case with many Lifehacker 101 posts, much of this stuff might seem obvious or second-nature if you're a seasoned techie, and it's certainly territory we've touched on before. However, even seasoned techies make mistakes, and it's also useful advice to pass on to less savvy friends and relatives.

Make sure your browser and operating system are up-to-date

New security flaws are discovered in browsers and operating systems all the time, but a huge percentage of online criminal activity relies on exploiting vulnerabilities which are well-known, but which haven't been fixed by individual users. If you're not using the most up-to-date version of your preferred browser and operating system, you're dramatically increasing your risk simply by being lazy. Get up to speed with our complete guide to keeping your PC up-to-date.

Type your bank address directly into your browser

One of the most common attacks on banking customers is to direct users to "phishing" sites, which look like a legitimate bank but are actually a copy designed solely to collect user passwords and other details. An important strategy in avoiding such attacks is to make a habit of always visiting your bank site by typing the address directly into your browser. (A more extreme version of the same practice is to use a Linux live CD which you boot into solely for the purposes of banking activity.)

Use a safe and unique password

If your online banking password is your surname, the name of your first pet, the town you grew up in, your maiden name, or any other piece of vaguely obvious personal data, then you're asking for trouble. Even if you're using a combination of letters, numbers and punctuation that doesn't spell anything, you're also asking for trouble if you use the same password for online banking as you do for everything else. Check out our guide to choosing and remembering passwords to come up with a better alternative.

Make use of available security features

Many banks now offer additional security features, such as two-factor authentication which requires you to enter a unique one-time password sent to your mobile phone as well as your regular password whenever you log in. This can seem like an additional hassle, but it means that your account can't be accessed simply by acquiring your main password details.

Don't access Internet banking in public locations

You can secure your own PC, but you have no way of knowing what facilities are available on a machine in an Internet cafe, library or hotel lobby. It's very tempting to check your bank balance while you're travelling, but it's also very risky. The same also applies to basic free Wi-Fi connections on your own PC; the risk factor of using them is too high to be worth serious consideration.

Never respond directly to emails or phone calls

Your bank has not sent you an email asking you to confirm your passwords, or that you planned to spend $400 on adult videos -- it's a scam designed to either acquire your data or infect your PC with malware when you click on a link. Delete it. Even if you think the message is genuine, ring your bank (and look up the number independently) to find out the details.

In the same vein, if someone claiming to be your bank rings to discuss your account, say that you can't hand out any details to an unknown caller, then ring back. The call may well be genuine, but how will you know? Any legitimate bank employee won't have a problem with this; if someone argues that you need to talk to them immediately, they're almost certainly a scammer.

Monitor your statements regularly

If you still receive paper statements, check them regularly to make sure there's no unexpected activity. If you've shifted to purely online banking, set aside a regular weekly appointment to check your banking details and make sure nothing's amiss. If you spot anything unfamiliar, contact your bank immediately.

Don't forget to log out when you're finished

Obvious, but still important. Most banking sites will automatically log you out if there's no activity after a fixed period of time, but that still leaves you potentially vulnerable to curious family members.

Got any additional tricks you use to ensure your online banking is safe? Share them in the comments.

Lifehacker 101 is a weekly feature covering fundamental techniques that Lifehacker constantly refers to, explaining them step-by-step. Hey, we were all newbies once, right?


Comments

    To avoid key loggers save your password in a password protected document then cut and paste it into your browser when you need to log in.

      My bank has an excellent password system:

      http://i42.tinypic.com/ka4t8x.jpg

        Being new to Australia, I was surprised on how easy it was to login, which can be a bad thing.

        I lived in New Zealand, and my bank, BNZ (owned by NAB) have these 'netguard' cards with a grid layout of scrambled letters. Each time you log in it would ask for three different letters.

        Sure it was inconvenient, but I kept it in my wallet and wasn't afraid of using public computers, since if they got my password, they still can't login without the card.

        I guess because Australia is so big it would not be economical to roll out something like this...

        Saving your password in a file is a bad idea, malware that is after your banking details also check data entered into forms on bank websites.

        On screen keyboards also don't foil malware, as many will take screenshots and user OCR to work it out. Also, from what I've seen (and I'm in the industry), almost all Australian implementations of onscreen keyboards/pinpads are purely cosmetic. A login can be made by directly posting the login details using HTTP.

        All you really need to do to keep safe is what Angus has suggested.

    How about keeping a live linux bootable distro on a CD and just cold-booting from that before you do your banking?

Join the discussion!

Trending Stories Right Now